Vulnerability Development mailing list archives
Re: History Files
From: mej () VALINUX COM (Michael Jennings)
Date: Sun, 16 Apr 2000 17:44:32 -0700
On Sunday, 16 April 2000, at 13:13:19 (-0700), Corwin J. Grey wrote:
Actually yeah, I did afterwards. I was trying to stick with audit's original method. The exact format I use on our servers is to simply leave the actual .bash_history in the user's home dir and I put a hard link into /var/log/history/user.
1. Login 2. rm $HOME/.bash_history 3. kill -9 <bash pid> 4. Login again 5. <insert desired command here> You can play around with history toys all day long; experienced users are going to notice that "2" link count on their history files and will know exactly how to defeat it. And unless you have a system where users don't own their own files and home directories, there's not much you can do about it like that. I hate to sound like a broken record here, but the solution is accounting, not tricks that will only work on the most clueless of users. Michael -- "Blessed are the shallow; depth they'll never find. Seems to be some comfort in rooms I try to hide. Exposed beyond the shadows, you take the cup from me. Your dirt removes my blindness; your pain becomes my peace." -- Jars of Clay, "Frail" ======================================================================= Michael Jennings <mej () eterm org> www.tcserv.com PGP Key ID: BED09971 Software Engineer, VA Linux Systems Author, Eterm (www.eterm.org)
Current thread:
- Re: History Files, (continued)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Gert-Jan Hagenaars (Apr 16)
- Re: History Files Bluefish (Apr 17)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Michael Jennings (Apr 15)
- Re: History Files Mark Rafn (Apr 16)
- Alternative to historyfile logging. Joel Eriksson (Apr 17)
- Re: History Files Joel Eriksson (Apr 17)
- Re: History Files spiff (Apr 18)
- Re: History Files Corwin J. Grey (Apr 16)
- Re: History Files Michael Jennings (Apr 16)
- Cooments on the dvwssr.dll vulnerability threads Iván Arce (Apr 17)
- Re: History Files Senior Systems Administrator - Kris W. (Apr 16)
- quick dirty and most of all-easy process accounting via lkm Security Team (Apr 16)
- Re: History Files George Dodd (Apr 18)
- Re: History Files Perly (Apr 19)
- Re: History Files joyce (Apr 19)
- non-exec stack Lamagra Argamal (Apr 19)
- Weakness of static addr & MySQL database Tompkins, William A (Apr 20)
- Re: Weakness of static addr & MySQL database Jim Kinney (Apr 20)